Cisco is a perennial front-runner in delivering cutting-edge firewall appliances for the widest possible range of deployments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent an advanced firewall platform that combines sophisticated hardware, cloud-based services, and machine learning to block, discover, and mitigate cyber attacks without manual intervention. Progent's Cisco-certified CCIE firewall consultants can assist you to plan and carry out a smooth upgrade to Cisco Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and show you how to integrate Firepower appliances with Cisco's subscription-based security services to create and centrally control network environments that include branch offices, data centers, private clouds and public clouds. Progent can also help you to maintain and troubleshoot older-generation Cisco firewalls. Progent's certified cybersecurity consultants can help you with policy creation driven by industry best practices so you can build a consistent security posture across all your devices anywhere.

Cisco's Firepower NGFW Firewall Appliances
Cisco's Firepower Next Generation Firewalls (NGFWs) provide a major performance improvement over Cisco's popular ASA 5500-X security appliances and offer unified management of modern cybersecurity features like application visibility and control (AVC), next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection, distributed denial of service (DDoS) mitigation, and sandboxing. For details about Cisco's Firepower family of NGFWs Firewalls, see Firepower firewalls consulting services.

Cisco Firepower 4100 Series Firewalls Consulting

Cisco's ASA 5500-X and Legacy Firewalls
Ciscoís ASA 5500-X, ASA 5500 Series, and PIX 500 firewalls provide combined firewall, VPN, and IPS capabilities in compact single-box devices, delivering a broad range of features to match the security and compliance needs of companies ranging from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX firewalls allow network security staffs to protect their network edge and offer secure offsite and mobile connectivity while utilizing powerful management tools based on Cisco's industry-leading firewall technology.

Ciscoís ASA 5500 Series and PIX 500 firewalls have arrived at end-of-life (EOL) but remain widely used in smaller businesses as well as in a few enterprise data centers. Ciscoís ASA 5500-X Next-Generation Firewalls deliver substantially more bang for the buck and have supplanted the ASA 5500 and PIX 500 lines of firewalls for new deployments. However, Cisco's older model firewall appliances, if carefully maintained, continue to deliver a high degree of protection by providing a variety of security functions including firewall, Virtual Private Network (VPN) connections, and IPS.

After Cisco's acquisition of Sourcefire, the entire family of ASA 5500-X firewalls can be configured to enable Firepower Services, built on Sourcefire's Snort product, which is the market's most deployed intrusion protection system. Firepower services provide enhanced features such as advanced malware protection (AMP), URL filtering, real-time threat analytics, and security automation.

Progent's Cisco-premier network engineers can help you to support and debug legacy ASA 5500 Series and PIX firewalls and can also assist you to plan and carry out an efficient migration to Ciscoís ASA 5500-X firewalls with Firepower. Progent can also assist you to plan, integrate, tune, manage and debug new firewall ecosystems based on Cisco's latest ASA 5500-X models with Firepower Services. Progent can also assist you to upgrade from your Cisco ASA 5500-X deployment to Cisco's latest Firepower Next Generation Firewalls.

Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive line of ASA 5500-X security appliances features an enhanced replacement for each rack-mountable unit in the older ASA 5500 generation of firewalls. Each ASA 5500-X firewall targets the same market as the corresponding earlier models, which offers small and midsize businesses plenty of room for selecting a firewall that aligns with their security requirements and budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all incorporate 64-bit hardware with multicore processors and are capable of running Cisco's powerful security services. All devices in Cisco's ASA 5500-X product line provide dependable security across any combination of physical, virtual, and cloud deployments.

Cisco ASA 5500-X Firepower Consultants

For more details about Cisco's ASA 5500-X firewalls, Firepower services, and Progent's support for ASA 5500-X firewalls, visit Firepower configuration and troubleshooting expertise

Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances accept software or hardware modules that support Firepower Services, which offer layered defense against advanced threats. Firepower Services are powered by innovative technology adopted by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X security appliances include:

  • Layered protection against both familiar and new attacks
  • Cisco's Advanced Malware Protection (AMP) that utilizes big data to find and remediate intrusions
  • Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at clients, network infrastructure, software applications, and content to detect attacks that use multiple vectors
  • High-resolution Application Visibility and Control that is aware of thousands of applications and can automatically launch standard and customized IPS policies based on the degree of threats
Cisco Firepower Configuration Expertise

Firepower Services for Cisco ASA firewalls provide multi-layered threat protection

Smaller implementations of Cisco ASA firewalls can be effectively administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all ASA 5500-X models. ASDM provides a simple web dashboard for deploying, administering, and debugging ASA 5500-X devices and modules.

For multi-device and multi-site environments, ASA 5500-X appliances with Firepower Services can be managed with Firepower Management Center, available as one or several physical or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under several names that include Cisco Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.

Firepower Management Center Consulting

Cisco Firepower Management Center unifies event and policy control for Cisco Firepower firewalls

Cisco's Firepower Management Center provides features beyond those available with Cisco's on-box Adaptive Security Device Manager tool. Additional features include greater context awareness, Advanced Malware Protection (AMP) with mitigation for client devices, a dashboard that provides dynamic infrastructure visualization, automated policy optimization based on risk evaluation of attacks, comprehensive IPS, custom app discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting features, and application interfaces for host input and database access. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be managed via Cisco's ASA 5500-X on-box ASDM or the ASA 5500-X command line interface.

Cisco ASA 5500 Adaptive Security Appliances
Cisco Adaptive Security Appliances 5500 Series Firewalls build on technology behind the PIX 500 Series Security Appliance, the Cisco IPS 4200 family Intrusion Prevention System, and the Cisco VPN 3000 Series concentrator. These solutions enable the Cisco Adaptive Security Appliances (ASA) 5500 Series Firewall family to offer a platform that stops the widest range of attacks. Cisco ASA 5500 Series Firewalls provide program protection, local containment and control, and safe VPN functionality across Cisco's product line. This broad scope of security enables defense of any network section, which includes the most typical attack conduits like remote locations, locally-attached inside users, and remote connected VPNs.

Cisco ASA 5500 Series Consulting and Troubleshooting
The expandable architecture of the Cisco ASA 5500 family allows you to add more services via security service modules (SSMs) and security service cards. These user-installable enhancements provide the option of adding Intrusion Protection and content protection services like filtering virus, worms, and phishing assaults and performing data and URL screening. In addition to allowing your IT staff to respond rapidly to the latest risk vectors, the extensible design of the ASA 5500 Series also protects your hardware investment by increasing the useful life of your firewalls. The Cisco ASA 5500 Series also leverages your investment in IT team training by utilizing the familiar library of PIX 500 security management tools and protocols such as the Cisco ASDM system, protected command-line interface (CLI) access, verbose syslog, and SNMP.

Cisco Adaptive Security Appliances (ASA) firewalls provide robust application protection via intelligent, application-aware inspection engines that analyze traffic at Layers 4-7. This results in a more secure network including Web, voice, and mobile wireless services. To protect networks against application-layer attacks and to provide stronger control over the programs and protocols used in their networks, Cisco's inspection engines incorporate broad application and protocol knowledge and employ security enforcement technologies that include protocol anomaly detection and state tracking. Also incorporated are assault sensing and remediation techniques including application and protocol command filtering and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide control over IM and tunneling applications, enabling organizations to enforce usage policies and preserve bandwidth for important business applications.

For more information about Progent's support services for Cisco's ASA 5500 security appliances, go to ASA 5500 firewalls integration and debugging consulting.

PIX Firewalls
Based upon a tested, specialized software platform that delivers a wealth of security services, PIX firewalls provide a high level of security and have earned Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) certification. Cisco PIX firewalls provide protection for a wide array of VoIP and additional multimedia standards including H.323 v. 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol, RTSP, and Media Gateway Control Protocol, helping businesses to safeguard deployments of a broad range of current and next-generation VoIP and multimedia applications.

Cisco PIX Security Consultants
Cisco PIX firewalls feature a wealth of configuration, tracking, and troubleshooting features, providing IT managers the flexibility to utilize the techniques that most closely match their needs. Management solutions include common, policy-based management tools, integrated web-based administration, and support for remote-monitoring standards like Simple Network Management Protocol and syslog. The integrated Cisco Adaptive Security Device Manager (ASDM) interface provides a world-class Web-accessible management solution that significantly streamlines the deployment, ongoing configuration, and tracking of a specific Cisco PIX firewall appliance without requiring any additional software beyond a standard browser and Java applet to be running on an administrator's computer.

Administrators can also remotely set up, monitor, and analyze Cisco PIX firewall appliances using a command-line interface. Safe CLI interface access is possible using several methods including SSHv2 Protocol, Telnet over IP Security, and out-of-band via a console port. PIX firewall appliances also have dependable auto-update features, a collection of revolutionary secure remote-management services that ensure security settings and software images are always current.

For additional information about Progent's support services for PIX firewalls, visit Cisco PIX firewalls configuration and troubleshooting consulting.

Progent's Migration Support Services for Cisco Firewalls
Because Cisco has stopped selling the PIX and ASA 5500 families of firewalls, many companies are uncomfortable with depending on a key security component that may stop being supported. Cisco ASA 5500-X and Firepower NGFW Series security appliances offer the benefit of being current devices and also offer several technical and budgetary advantages in comparison to PIX firewalls. These advantages include significantly better performance, optional Secure Sockets Layer VPN support, and an expandable design that protects your investment by enabling you to self-install new security services when and if you need them. Progent's Cisco experts can assist you to determine the business value of for moving from PIX 500 or Cisco ASA 5500 firewalls, design a migration plan that allows for a quick and seamless upgrade, assist you to configure new ASA 5500-x Series or Firepower Series appliances, and offer remote training, consulting, and technical support services.

Other Ways Progent Can Help You with Cisco ASA and PIX Security Appliances
Cisco's Firepower NGFW Series, ASA 5500 Series, and PIX security appliances provide a wealth of configuration, monitoring, and analysis options that offer you the flexibility to set up these firewalls to match your business needs. Progent's CCIE authorized network consultants can show you how to design a cost-effective network infrastructure that includes Cisco security appliances and that provides world-class security, fault tolerance, performance, and recoverability. Progent's GISA and CISM-certified information security experts can assist your business to develop a security strategy appropriate for your business and can set up your firewall to support your security strategy. Progent's risk assessment experts can assess the strength of your existing firewall deployment and validate the security of your entire information system network. Progentís Help Desk support team can provide emergency remote troubleshooting for Cisco technology and can give you quick access to a Cisco network engineer.

To find out more information about Progent's professional assistance for Cisco solutions, pick a topic:

Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:

To ask Progent about engineering help for Cisco technology, call 1-800-993-9400 or see Contact Progent.